Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2016-10309 9.8 CRITICAL EPSS 0.01

Ceragon Fibeair Ip-10 Firmware < 7.1.0 - Authentication Bypass

In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote attacker can bypass authentication by adding an ALBATROSS cookie with the value 0-4-11 to their browser.

CWE-287 Mar 30, 2017

CVE-2017-2689 8.8 HIGH EPSS 0.01

Siemens Ruggedcom Rox I < 2.9.0 - Improper Authorization

Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings.

CWE-287 Mar 29, 2017

CVE-2016-9463 8.1 HIGH 2 Writeups EPSS 0.04

Nextcloud Server < 9.0.54 - Authentication Bypass

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.1.2, 9.0.6, and 8.2.9 suffer from SMB User Authentication Bypass. Nextcloud/ownCloud include an optional and not by default enabled SMB authentication component that allows authenticating users against an SMB server. This backend is implemented in a way that tries to connect to a SMB server and if that succeeded consider the user logged-in. The backend did not properly take into account SMB servers that have any kind of anonymous auth configured. This is the default on SMB servers nowadays and allows an unauthenticated attacker to gain access to an account without valid credentials. Note: The SMB backend is disabled by default and requires manual configuration in the Nextcloud/ownCloud config file. If you have not configured the SMB backend then you're not affected by this vulnerability.

CWE-287 Mar 28, 2017

CVE-2016-9124 9.8 CRITICAL 1 Writeup EPSS 0.01

Revive Adserver <3.2.3 - Auth Bypass

Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducing service disruptions to regular users during such attacks. A random delay has instead been introduced as a countermeasure in case of password failures, along with a system to discourage parallel brute forcing. These systems will effectively allow the valid users to log in to the adserver, even while an attack is in progress.

CWE-287 Mar 28, 2017

CVE-2017-5237 7.5 HIGH EPSS 0.02

Eview EV-07S GPS Tracker - Info Disclosure

Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"

CWE-287 Mar 27, 2017

CVE-2016-4926 9.8 CRITICAL EPSS 0.04

Juniper Junos Space < 15.2 - Authentication Bypass

Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication.

CWE-287 Mar 20, 2017

CVE-2017-3880 6.5 MEDIUM EPSS 0.00

Cisco WebEx Meetings Server - Auth Bypass

An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1 Orion1.1.2.patch T29_orion_merge.

CWE-287 Mar 17, 2017

CVE-2017-3867 5.3 MEDIUM EPSS 0.00

Cisco ASA Software - ACL Bypass

A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for specific TCP and UDP traffic. More Information: CSCvc68229. Known Affected Releases: 9.6(2). Known Fixed Releases: 99.1(20.1) 99.1(10.2) 98.1(12.7) 98.1(1.49) 97.1(6.58) 97.1(0.134) 96.2(0.109) 9.7(1.1) 9.6(2.99) 9.6(2.8).

CWE-287 Mar 17, 2017

CVE-2017-6967 7.3 HIGH EPSS 0.00

xrdp 0.9.1 - Privilege Escalation

xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.

CWE-287 Mar 17, 2017

CVE-2017-0100 7.8 HIGH 2 PoCs Analysis EPSS 0.35

Microsoft Windows 10 - Authentication Bypass

A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows HelpPane Elevation of Privilege Vulnerability."

CWE-287 Mar 17, 2017

CVE-2017-3854 8.8 HIGH EPSS 0.01

Cisco Wireless LAN Controller - Privilege Escalation

A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology. The vulnerability is due to insufficient authentication of the parent access point in a mesh configuration. An attacker could exploit this vulnerability by forcing the target system to disconnect from the correct parent access point and reconnect to a rogue access point owned by the attacker. An exploit could allow the attacker to control the traffic flowing through the impacted access point or take full control of the target system. This vulnerability affects the following products running a vulnerable version of Wireless LAN Controller software and configured for meshed mode: Cisco 8500 Series Wireless Controller, Cisco 5500 Series Wireless Controller, Cisco 2500 Series Wireless Controller, Cisco Flex 7500 Series Wireless Controller, Cisco Virtual Wireless Controller, Wireless Services Module 2 (WiSM2). Note that additional configuration is needed in addition to upgrading to a fixed release. Cisco Bug IDs: CSCuc98992 CSCuu14804.

CWE-287 Mar 15, 2017

CVE-2017-3831 9.8 CRITICAL EPSS 0.06

Cisco Mobility Express 1800 Series - Auth Bypass

A vulnerability in the web-based GUI of Cisco Mobility Express 1800 Series Access Points could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. The vulnerability is due to improper implementation of authentication for accessing certain web pages using the GUI interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface of the affected system. A successful exploit could allow the attacker to bypass authentication and perform unauthorized configuration changes or issue control commands to the affected device. This vulnerability affects Cisco Mobility Express 1800 Series Access Points running a software version prior to 8.2.110.0. Cisco Bug IDs: CSCuy68219.

CWE-287 Mar 15, 2017

CVE-2016-8023 8.1 HIGH 1 PoC Analysis EPSS 0.11

Intel Security VSEL <2.0.3 - Auth Bypass

Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.

CWE-287 Mar 14, 2017

CVE-2016-8022 7.5 HIGH 1 PoC Analysis EPSS 0.09

Intel Security VSEL <2.0.3 - RCE

Authentication bypass by spoofing vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to execute arbitrary code or cause a denial of service via a crafted authentication cookie.

CWE-287 Mar 14, 2017

CVE-2017-5619 9.8 CRITICAL EPSS 0.00

Zammad < 1.0.3 - Authentication Bypass

An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string.

CWE-287 Mar 13, 2017

CVE-2017-6526 9.8 CRITICAL 2 PoCs Analysis EPSS 0.84

Dnatools Dnalims - Authentication Bypass

An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).

CWE-287 Mar 09, 2017

CVE-2017-6549 8.8 HIGH EXPLOITED 1 PoC Analysis EPSS 0.25

Asus Rt-ac53 Firmware - Authentication Bypass

Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488; and Asuswrt-Merlin firmware before 380.65_2 allows remote attackers to steal any active admin session by sending cgi_logout and asusrouter-Windows-IFTTT-1.0 in certain HTTP headers.

CWE-287 Mar 09, 2017

CVE-2016-9729 6.5 MEDIUM EPSS 0.00

IBM Qradar Security Information And E... - Authentication Bypass

IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM Reference #: 1999545.

CWE-287 Mar 07, 2017

CVE-2016-7145 9.8 CRITICAL EPSS 0.00

Nefarious2 - Authentication Bypass

The m_authenticate function in ircd/m_authenticate.c in nefarious2 allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.

CWE-287 Mar 07, 2017

CVE-2017-6104 7.5 HIGH 1 PoC Analysis EPSS 0.39

Zen Mobile App Native < 3.0 - Authentication Bypass

Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0.

CWE-287 Mar 02, 2017

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps